Changeset 6440 for TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test

Timestamp:

29/01/10 14:07:36 (11 years ago)

Author:

pjkersha

Message:

• #1088 Important fix to AuthnRedirectResponseMiddleware? to set redirect ONLY when SSL client authentication has just succeeded in the upstream middleware AuthKitSSLAuthnMiddleware. This bug was causing the browser to redirect to the wrong place following OpenID sign in in the case where the user is already logged into their provider and selects a new relying party to sign into.
  • Improvements to Provider decide page interface: leave out messages about attributes that the provider can't retrieve for the RP. Also included NDG style help icon.

Location:

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test

Files:

• config/attributeauthority/sitea/attributeCertificateLog/ac.xml (modified) (2 diffs)
• integration/authz_lite/openidprovider/js (added)
• integration/authz_lite/openidprovider/js/toggleDiv.js (added)
• integration/authz_lite/openidrelyingparty/public/js (added)
• integration/authz_lite/openidrelyingparty/public/js/toggleDiv.js (added)
• integration/authz_lite/openidrelyingparty/public/layout/default.css (modified) (5 diffs)
• integration/authz_lite/securityservices.ini (modified) (2 diffs)
• unit/sslclientauthnmiddleware/test_sslclientauthn.py (modified) (1 diff)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml

@@ -9 +9 @@
         <userId>ndg-user</userId>
         <validity>
-            <notBefore>2010 01 11 15 49 07</notBefore> 
-            <notAfter>2010 01 11 23 49 07</notAfter> 
+            <notBefore>2010 01 20 08 54 54</notBefore> 
+            <notAfter>2010 01 20 16 54 54</notAfter> 
         </validity>
         <attributes>
@@ -33 +33 @@
         <provenance>original</provenance> 
     </acInfo>
-<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>cs742SaTEW8PS3CCXsxLO6MicaE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Z2CdNfHi6XVUdUMKWZMvEzd2vBLJebd4NEfnetyfEAHjhZosiZ6ladn4p+tgnUXZ2ZdtnpYE3j44
-F1ceowUA5DWxaS2Gs1jhWXTZYAkgohwH9ZUUEwiN7Rtj/C8aMB0aAjxHI/X5U/J/Lrriw0MrIQ1r
-oA0AIRrGA9YByOVP1jY=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>s1dB/p8Cl1SmY0/Jcq+2z2biXHs=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Sw36kLKRjSro9409KGZ5YPsQrU9FcvkzwO5n3WJ1WQkgDTS2IhGHCW5OB64bL8e3Ub3gdM1WlHC4
+ybGYfPOuuVfQ4ZHHfLqQMWA9p5ALRmUTAglSt9/uTPYzc8yk7wCWHNYqMDVPHbHwy5MWyAToCHGx
+rqJRs9WgozMJMugslJk=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy
 NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/openidrelyingparty/public/layout/default.css

@@ -1 @@
-/* Following information on http://css.maxdesign.com.au/floatutorial/tutorial0816.htm */
-/* Entire Page Contents */
+/*
+* NDG Security OpenID Provider and Relying Party Stylesheet
+*/
 
 body, html {
-        margin: 0;
-        padding: 0;
-        border: 0;
-        background-color: #eee;
-        color:#333333;
-        font-family:Verdana, Arial, Helvetica, sans-serif;
-        line-height:1.4;
-        font-size:small;
+    margin: 0;
+    padding: 0;
+    border: 0;
+    background-color: #eee;
+    color:#333333;
+    font-family:Verdana, Arial, Helvetica, sans-serif;
+    line-height:1.4;
+    font-size: small;
 }
 
-body {
-
+.helptxt {
+    font-size: smaller; 
+    background-color: #e6f0f8;
 }
 
 
+div.hidden {
+    display: none;
+}
+
+.helpicon
+{
+    cursor:help;
+}
+
+/*
+* Provider Attribute Exchange Request parameters
+*/
+#opAXRequestedAttributes {
+    width: 100%;
+    border-collapse: collapse;
+    background-color: #e6f0f8;
+    table-layout: auto;
+    margin-top:10px; 
+    margin-bottom: 20px; 
+}
+
+#opAXRequestedAttributes td, #opAXRequestedAttributes th 
+{
+    font-size:0.9em;
+    border:1px solid #ffffff;
+    padding:3px 7px 2px 7px;
+}
+
+#opAXRequestedAttributes th 
+{
+    font-size:1.0em;
+    text-align:left;
+    padding-top:5px;
+    padding-bottom:4px;
+    background-color: #cedbe5;
+    color: #333;
+}
+
 
 /* Top Banner Div */
-
 #header {
     color: #8c8c8c;
@@ -31 +70 @@
     clear: both; 
     margin-top:10px; 
-/*    border: solid #555555;*/
     border: solid #8c8c8c;
     border-width: 0 0 2px 0;
@@ -46 +84 @@
 }
 
-.searchBar {margin-top: 2px; background-color:  #f0f0f0; } /* Change this color and you need to change the color in the pagetab current */
-.searchBar table {padding-left:10px; padding-bottom:0px; margin:0px;font-weight:bold;}
-.searchBar .hidden {display:none}
-/* .searchOneLine {margin-top: 2px; margin-bottom: 2px; background-color: #f0f0f0; text-align:right; font-size:100%;} */
-
-#Header {color: black; background-color: white; text-align: center; margin-bottom: 10px; padding-top: 3px; padding-right: 0px; padding-left: 0px; padding-bottom: 0px; font-size: medium; font-weight:bold; color:white}
-#Header table {margin:0px; padding:20px;}
-
-/* Main Tabs First Cut */
-/* Reminder: top, right, bottom, left */
-#PageTabs {margin: 5px 0px 0px 0px; line-height:normal;border: solid black; border-width: 0px 0px 0px 0px;}
-#PageTabRow {width:100%; }
-#PageTabRow ul {margin:0 0 0 10px; padding:0; list-style:none; }
-#PageTabRow li {float:left; margin-right:10px; padding: 2px 10px; border: solid black; border-width:1px 1px 0px 1px; }
-#PageTabRow li.current {position:relative; top:1px; background-color: #f0f0f0; } /* color should be same as searchBar! */
-#PageTabRow li.hidden {}
-#PageTabRow a {display:block; text-decoration:none;}
-.line {border-top: 1px solid black; clear:both;}
-
-
-/* In page tabs */
-/* Reminder: top, right, bottom, left */
-.InPageTabs {margin: 5px 20px 0px 20px; line-height:normal; border: solid black; border-width: 0px 0px 0px 0px;}
-
-.InPageHdr ul {margin:0 0 0 10px; padding:0; list-style:none; }
-.InPageHdr li {float:left; margin-right:10px; padding: 2px 10px; border: solid black; border-width:1px 1px 0px 1px; }
-.InPageHdr li.current {position:relative; top:1px; background-color: #f0f0f0; } /* color should be same as searchBar! */
-.InPageHdr li.hidden {}
-.InPageHdr a {display:block; text-decoration:none;}
-.InPageContent {border:1px solid black; clear: both;}
-.InPageContent ul {list-style:none;}
-.InPageContent .hidden {display:none;}
-/* Left Column if Necessary */
-
-#Left{ WIDTH: 220px; FLOAT: left; margin-bottom: 10px; margin-right:10px;margin-left:5px;}
-.tabhdr { margin-top:5px; float:left; line-height:normal;}
-.tabhdr ul {margin:0; padding:0; list-style:none;}
-.tabhdr a:link {display:block; text-decoration:none; color:black; float:left; width:5em;}
-.tabhdr li {margin:0;}
-.tabhdr li.current {float:left; margin-right:3px; padding:2px 10px; background-color:#f0f0f0; 
-                    border-top: 1px solid #3c78b5; border-right: 1px solid #3c78b5; border-left: 1px solid #3c78b5; position:relative;top:1px;}
-.tabhdr li.hidden {float:left; margin-right:3px; padding:2px 10px;
-    border-left:1px solid #3c78b5; border-right:1px solid #3c78b5; border-top:1px solid #3c78b5; }
-.tabcontent {padding:2px 10px; background: #f0f0f0; clear:both; border:1px solid #3c78b5;}
-.tabcontent ul {list-style:none; font-size:50%; margin-left:0; padding-left:0; }
-/* Main Content */
-
-#contents  {border-left: 1px solid #3c78b5;}
-#contentsRight  {border-left: 1px solid #3c78b5; margin-left:250px;}
-
-.error {display:block;text-align:center;font-size:150%;background-color:red; padding:10px;}
-
-/* The following is the css associated with pretty printing xml */
-.xmlDoc {font-size:80%}
-.xmlElem {PADDING-LEFT: 20px;}
-.xmlAttrVal {COLOR:Red; }
-.xmlAttrTyp {COLOR:Green; }
-.xmlElemTag {COLOR:Blue; }
-.highlight {BACKGROUND-COLOR:Yellow; }
-.ndgem {FONT-WEIGHT: bold}
-
-/* This is the "metadata" css */
-.metadata {PADDING-LEFT: 20px; font-size:80%; padding-right:20px;}
-#Corrections {PADDING-LEFT:20px; font-size:80%; padding-right:20px;}
-.metadata #keywords {COLOR: Blue; FONT-SIZE:120%; FONT-WEIGHT:bold;}
-.metaentry {COLOR: Black}
-.metadata .hidden {display:none}
-
 /* We don't want borders on linked images */
 a img {border: none;}
 
-/* StubB */
-.headingblock{background-color: #f0f0f0;border: 1px solid #3c78b5; margin:10px 60px 20px 50px; padding-top:5px;}
-/* .bottomblock{border: 1px solid #3c78b5; margin-left:5px;margin-right:5px;padding:5px;}*/
-
-.heading {
-    font-size: 140%;
-    font-weight: bold;
-    color: #003366;
-    padding: 4px;
-    text-align:center;
-    }
-    
-  
-/* top right bottom left */
-.metadata #abstract {MARGIN: 5px 20px 10px 20px; font-size:100%;  padding: 8px 8px 8px 8px; text-align:justify;} 
-.metadata h4 {font-size: 120%;
-    line-height: normal;
-    font-weight: bold;
-    color: #003366;
-    padding: 2px 2px 2px 2px;
-    margin: 0px 0px 4px 0px;
-}
-.metadata table {padding-top:10px;}
-
-.linehead {
-    font-size: 120%;
-    line-height: normal;
-    font-weight: bold;
-    background-color: #f0f0f0;
-    color: #003366;
-    border-bottom: 1px solid #3c78b5;
-    padding: 2px 2px 2px 2px;
-    margin: 0px 0px 4px 0px;
-}
-.emphatic {font-size: 120%;
-    line-height: normal;
-    font-weight: bold;
-    background-color: #f0f0f0;
-    color: #003366;
-    border-bottom: 1px solid #3c78b5;
-    padding: 2px 2px 2px 2px;
-    margin: 0px 0px 4px 0px;
-    }
-.rowhead {
-    font-size: 100%;
-    font-weight: bold;
-    border-bottom: 1px solid #3c78b5;
-    }
-.cellhead { font-size: 100%; font-weight: bold;} 
-
-.ndgem {font-weight:bold}
-tr.rowlo {background: #eeeeee;
-border-top:1px;
-border-bottom:1px;
-border-bottom-color:#FFFFFF;
-border-top-color:#000000;
-}
-tr.rowhi {
-border-top:1px;
-border-bottom:1px;
-border-bottom-color:#FFFFFF;
-border-top-color:#000000;
-}
-
-/* Selection page */
-
-.gsummary .hidden {display: none}
-
-
 /* And now the footer */
-#Footer  {
+#footer {
     color: #ffffff; 
     background-color: #003153; 
@@ -212 +113 @@
 }
 
+/*
+* Provider Login
+*/
+#loginForm {
+    margin-bottom: 50px; 
+    padding-top: 0px; 
+    padding-right: 10px; 
+    padding-left: 10px; 
+    clear: both; 
+    margin-top:25px; 
+}
+
+/* 
+* Provider Decide Page form Content 
+*/
+#decideFormContent {
+    margin-top:25px; 
+    margin-bottom: 50px; 
+    padding-top: 0px; 
+    padding-right: 10px; 
+    padding-left: 10px; 
+    border-width: 0 0 2px 0;
+    clear: both; 
+}
+
+/* 
+* Provider - display user OpenID in decide page interface 
+*/
+#identityUriBox {
+    font-size:0.9em;
+    color: black;
+    background-color: #e6f0f8;
+    margin-top:10px; 
+    margin-bottom: 20px; 
+    padding-top: 10px; 
+    padding-right: 10px; 
+    padding-left: 7px; 
+    padding-bottom: 10px;
+}
+
+/*
+* Provider Main page
+*/
+#mainPageContent {
+    margin-top:25px; 
+    margin-bottom: 50px; 
+    padding-top: 0px; 
+    padding-right: 10px; 
+    padding-left: 10px; 
+    border-width: 0 0 2px 0;
+    clear: both; 
+}
+
+/*
+* Provider - error page
+*/
+#errorContent {
+    margin-top:25px; 
+    margin-bottom: 50px; 
+    padding-top: 0px; 
+    padding-right: 10px; 
+    padding-left: 10px; 
+    border-width: 0 0 2px 0;
+    clear: both; 
+}
+
 #message {
     color: #8c8c8c;
@@ -223 +190 @@
     border-radius: 10px 10px;
     margin: 20px;
-    /*padding: 10px 20px;*/
 }

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini

@@ -123 +123 @@
 
 openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
-openid.relyingparty.idpWhitelistConfigFilePath = %(here)s/openidrelyingparty/ssl-idp-validator.xml
+#openid.relyingparty.idpWhitelistConfigFilePath = %(here)s/openidrelyingparty/ssl-idp-validator.xml
 openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.genshi.GenshiSigninTemplate
-#openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
+openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
 openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
 openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
@@ -176 +176 @@
 # specified - see commented out entry for firstName below.  The number of
 # attributes for each attribute name defaults to 1 unless otherwise set
-authkit.openid.ax.typeuri.firstName=http://openid.net/schema/namePerson/first
-authkit.openid.ax.alias.firstName=firstName
-#authkit.openid.ax.count.firstName=1
+#authkit.openid.ax.typeuri.firstName=http://openid.net/schema/namePerson/first
+#authkit.openid.ax.alias.firstName=firstName
+##authkit.openid.ax.count.firstName=1
 #authkit.openid.ax.required.firstName=True
-authkit.openid.ax.typeuri.lastName=http://openid.net/schema/namePerson/last
-authkit.openid.ax.alias.lastName=lastName
-authkit.openid.ax.required.lastName=True
-authkit.openid.ax.typeuri.emailAddress=http://openid.net/schema/contact/internet/email
-authkit.openid.ax.alias.emailAddress=emailAddress
-authkit.openid.ax.required.emailAddress=True
-
+#authkit.openid.ax.typeuri.lastName=http://openid.net/schema/namePerson/last
+#authkit.openid.ax.alias.lastName=lastName
+#authkit.openid.ax.required.lastName=True
+#authkit.openid.ax.typeuri.emailAddress=http://openid.net/schema/contact/internet/email
+#authkit.openid.ax.alias.emailAddress=emailAddress
+#authkit.openid.ax.required.emailAddress=True
+
+# ESG Gateway requested parameters
+authkit.openid.ax.typeuri.uuid:http://openid.net/schema/person/guid
+authkit.openid.ax.alias.uuid=uuid
+authkit.openid.ax.typeuri.username:http://openid.net/schema/namePerson/friendly
+authkit.openid.ax.alias.username=username
+authkit.openid.ax.typeuri.firstname:http://openid.net/schema/namePerson/first
+authkit.openid.ax.alias.firstname=firstname
+authkit.openid.ax.required.firstname:True
+authkit.openid.ax.typeuri.middlename:http://openid.net/schema/namePerson/middle
+authkit.openid.ax.alias.middlename=middlename
+authkit.openid.ax.typeuri.lastname:http://openid.net/schema/namePerson/last
+authkit.openid.ax.required.lastname:True
+authkit.openid.ax.alias.lastname=lastname
+authkit.openid.ax.typeuri.email:http://openid.net/schema/contact/internet/email
+authkit.openid.ax.required.email:True
+authkit.openid.ax.alias.email=email
+authkit.openid.ax.typeuri.gateway:http://www.earthsystemgrid.org/gateway
+authkit.openid.ax.alias.gateway=gateway
+authkit.openid.ax.typeuri.organization:http://openid.net/schema/company/name
+authkit.openid.ax.alias.organization=organization
+authkit.openid.ax.typeuri.city:http://openid.net/schema/contact/city/home
+authkit.openid.ax.alias.city=city
+authkit.openid.ax.typeuri.state:http://openid.net/schema/contact/state/home
+authkit.openid.ax.alias.state=state
+authkit.openid.ax.typeuri.country:http://openid.net/schema/contact/country/home
+authkit.openid.ax.alias.country=country
 
 [filter:SSLCientAuthnRedirectResponseFilter]

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/sslclientauthnmiddleware/test_sslclientauthn.py

@@ -25 +25 @@
 from ndg.security.common.utils.configfileparsers import \
                                                     CaseSensitiveConfigParser
-from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection
+from ndg.security.common.utils.m2crypto import HTTPSConnection